wow- slackware has seriously humbled me today. yesterday was great: i learned a lot, but today i got slapped around big time!
anyways-
i'm running slackware-current and i'm loading rc.firewall at boot. I had a problem today with ntalk and thought that it might be firewall related so i figured i'd turn it off and see if it made a difference.
how do you turn a slackware iptables /etc/rc.d/rc.firewall off without rebooting?
i am seriously looking forward to the day when i can answer more questions than i need to ask. until then, thanks for helping!
i will assume you made the firewall script yourself
make another script called firewall.stop
this is turning off NAT routing as well
so change if you don't want that
also chmod 755 so it will run
Thank you both for your help. You know, when I was getting my slack box up I wanted to get a firewall up asap. I found one that did what I was looking for (drop everything but ssh) and followed the directions that said put into /etc/rc.d/rc.firewall.
the rc.firewall file did exist, but it was empty. Below is a copy of what I have been using. I know that you're probably shaking your heads because I obviously have no idea how iptables works (yes, it's true- I admit it) but please be patient with me- there is a lot to learn.
a check with nmap shows that i have no ports open- and i could get into my box with ssh, so after I had the rc.firewall script installed I just went on to something else and tabled the firewall question until i had more time to get back to it (now- i suppose is a good time).
Does slack come with another utility for firewalls? I thought that you had to write your own script for rc.firewall?! I bet anything out there will run on slack, and it's just up to the individual to figure out what they want to use... so many options with slack.
anyways, here's the rc.firewall- and thanks again for the help!!
#!/bin/bash
# rc.firewall for
# Basic Slackware Security
# These two rules set the default policies, i.e. what to do if a
# packet doesn't match any other rule, to drop any packet coming
# into (INPUT) or routing through (FORWARD) the box.
iptables -P INPUT DROP
iptables -P FORWARD DROP
# These rules are added (-A) to the INPUT chain. They allow packets
# from any previously established connections and accept anything
# from the loopback interface.
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -s 127.0.0.1 -d 127.0.0.1 -i lo -j ACCEPT
# This rule added to the INPUT chain accepts any ssh connections.
iptables -A INPUT -p tcp --dport 22 -i eth0 -j ACCEPT
Thanks for your post. When I typed "iptables -F" I lost my connection to my box (i connect with putty). I had to go and type "/etc/rc.d/rc.firewall" at the terminal to be able to reconnect with putty.
I think that I will now go and read up on how iptables works, as my ignorance is bothering me!!
Please let me know if you know of a good beginners guide. I'll hit the web first, then the man pages (which can be hard to comprehend).
yea
this stuff is easy -- all you need is "man iptables" to figure it out
look at what i put
-Z zero out the counters (default filter table)
-F flush the rules (default filter table)
-F flush the rules for (-t = table) nat and mangle tables
note that modern kernels have three other built-in chains for mangle that go unused by me but possibly i should have included them as well in my stop script!
then:
-X delete the chain
-P now i have to set some new policies
namely that INPUT FORWARD and OUTPUT should function normally (default filter table)
like magic -- firewall filtering is stopped and full functionality is restored
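A stop script along the lines described in the replies above, written here as an added example (it is not the script from the original reply, which did not survive on this page). It sets the chain policies to ACCEPT before flushing, because iptables -F removes rules but leaves the policies alone, and with the rc.firewall shown above that would leave INPUT dropping every packet; the IPTABLES and DRY_RUN variables and the --apply/--dry-run arguments are assumptions of this example.

```sh
#!/bin/sh
# firewall.stop: added example, not the original poster's script.
# Assumed knobs: IPTABLES (binary to call), DRY_RUN=1 (print, do not execute).
IPTABLES="${IPTABLES:-iptables}"

# Run one iptables command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$IPTABLES $*"
    else
        "$IPTABLES" "$@"
    fi
}

firewall_stop() {
    # Policies first: -F does not touch them, so flushing while INPUT is
    # still DROP would discard every inbound packet, SSH included.
    for chain in INPUT FORWARD OUTPUT; do
        run -P "$chain" ACCEPT
    done

    # filter table: zero counters, flush rules, delete user-defined chains.
    run -Z
    run -F
    run -X

    # nat and mangle: flushing nat also stops any NAT the box was doing.
    for table in nat mangle; do
        run -t "$table" -F
        run -t "$table" -X
    done
}

# Nothing happens unless asked for explicitly.
case "${1:-}" in
    --apply)   firewall_stop ;;
    --dry-run) DRY_RUN=1; firewall_stop ;;
esac
```

Saved as firewall.stop and made executable with chmod 755 as the reply suggests, it can be checked with --dry-run before being run with --apply as root; running /etc/rc.d/rc.firewall again restores filtering.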
Thanks for your post. When I typed "iptables -F" I lost my connection to my box (i connect with putty). I had to go and type "/etc/rc.d/rc.firewall" at the terminal to be able to reconnect with putty.
Sorry about that, I didn't think you'd be using a NATed
connection but rather be on the local network or even
console when you asked. And yes, if the machine you're
talking to is on an interface that is being handled by the
firewall (which NATing is) you'll fall off, too, when you
turn the firewall off :)